Cyber Attack on Clackamas Community College Compromises Sensitive Personal Data

Oregon-based Clackamas Community College reported that in October, cyber criminals infiltrated its internal systems, compromising and gaining access to the personal information of more than 30,000 individuals.

 

Clackamas Community College is a public community college serving the communities of Oregon City, Clackamas, and Wilsonville, Oregon, through its three campuses.

 

In a data security incident notice posted on its website, Clackamas reported that it detected suspicious activity linked to a user account on September 10, and promptly reset the account. The college later identified additional suspicious activity within its internal network on October 24.

 

Clackamas immediately launched an investigation, with assistance from external cyber security experts, to determine the nature and scope of the incident. It also took steps to secure the affected systems including taking them offline and notified relevant law enforcement authorities about the same.

 

“The forensic investigation determined that an unauthorised third party accessed a small number of systems, and acquired files from those systems on October 24, 2025,” Clackamas said.

 

The compromised data included names, dates of birth, Social Security numbers, student record information, government identification numbers, tax identification numbers, medical information, passport numbers, and financial account information.

 

In a filing with the Office of Maine Attorney General, Clackamas said that it has identified at least 33,381 individuals impacted by the incident. 

 

Clackamas has advised all affected individuals to regularly monitor their credit reports, account and benefit statements and report any suspicious activity to law enforcement authorities, including the police and state attorney general. 

 

It has also offered one year of complimentary identity protection and credit monitoring services through IDX to all affected individuals.

 

 

 

The Medusa ransomware group claimed responsibility for the cyber attack on Clackamas, listing the college as a victim on its data leak site. The group claimed it exfiltrated 1.2 TB of confidential data and threatened to release the information unless a $300,000 ransom was paid.